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Mozilla Firefox (Version 106.0.5 - x64) 
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Firefox Profile Path 


Firefox 4, Profile ID Josegqp[gddloraSi1 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profileID] .default\ 


C:\Users\XXX\AppData\Local\Mozilla\Firefox\Profiles\ [profileID].default\ 


Bh! BW =| Proie 
Home Share View 
¢ » @ || | ThisPC > Local Disk(C:) > Users >» DFM > AppData » Roaming » Mozilla > Firefox > Profiles 


“w 


] azm 4 Name Date modified Type Size 
_, Compressed || 902tyap1 default 9/30/2022 3:20PM File folder 
w= EXAMPLE DIS (G ___ ss8fxdtd.default-release 11/4/2022 11:55AM File folder 


111 & Oh = | Profiles 
Home Share View 
€ v L] > ThisPC » Local Disk(C:) » Users » DFM » AppData » Local » Mozilla » Firefox > Profiles > 


“a 


“ Name Date modified Type Size 
we Quick access 
| | 902tyap!.default 9/30/2022 3:20PM ___File folder 
I Desktop # 
a ss8fx4td.default-release 11/4/2022 11:47 AM _ File folder 


4 Downloads # 


Firefox Profile Path 


BROWSER FORENSICS 


Navigation History + Bookmarks (SQLite Database) 


Navigation History (SQLite Database) 


Firefox 4, History Cepten) @0390920002000(gd0lo0051 Places.sqlite come 


moz_Places Table 99 History 602§dlos05iI 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profile|D].default-release 
\places.sqlite 


ss8fx4td.default-release 


Share View 


> ThisPC >» Local Disk(G:) » Users » DFM > AppData >» Roaming » Mozilla > Firefox » Profiles > ss8fx4td.default-release 


“~ 


s ** Name Date modified Type Size 
of EZ] pkcs11 9/30/2022 3:20PM —— Text Document 1KB 
* |) places.sqlite 11/4/2022 1:54PM —SQLITE File 5,120 KB. 
‘[) places.sqlite-shm 11/4/2022 8:55AM — SQLITE-SHM File 32KB 
id L places.sqlite-wal 11/4/2022 1:54PM — SQLITE-WAL File 2,434 KB 
Table: | moz_places V8S%2 ABBAS AD lta | 
id url title rev_host visit_count 
Filter |Filter Filter Filter Filter 
1 23 https://www.google.com/url?... moc.elgoog.www. 2 
2 24 https://www.tp-link.com/us/support/download/t-wrl043nd/ Download for TL-WR1043ND | TP-Link moc.knil-pt.www. 3 
3 27 https://www.tp-link.com/us/support/download/tl-wr1043nd/... Download for TL-WR1043ND | TP-Link moc.knil-ptwww, 1 
4 29 https://www.google.com/url?... moc.elgoog.www. 1 
5 30 https://www.userdrivers.com/LAN-Network-Adapter/TP-LIN... Download TP-LINK TL-WR1043ND V1 Wireless... moc.srevirdresu.www. 1 
6 37 https://www.google.com/url?... moc.elgoog.www. 1 


Open Places.sqlite (moz_Places Table) With DB Browser 
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Bookmarks (SQLite Database) 


: x fe) c c eC ° 
Firefox ¢, Bookmarks ¢o20) @0320930002022(g60lo2051 Places.sqlite 


o6ag moz_ bookmarks Table g2§lor051 


Table: |__| moz_bookmarks “if 2+ @8868° 88 » [Filter in any... 
id type fk _ parent position title keyword_id folder_type 

1 1 2 0 0 

2 2 2 1 0 menu 

3 a 2 1 1 toolbar 

4 4 2 1 2 tags 

5 5 2 1 3 unfiled 

6 6 = 1 4 mobile 

7 7 2 2 0 Mozilla Firefox 

8 8 1 z F 4 0 Get Help 

9 9 1 a 7 1 Customize Firefox 

10 10 1 4 7 2 Get Involved 

11 11 1 5 7 3 About Us 

12 12 1 7 3 0 Getting Started 

13 13 1 58 3 1 Digital Forensics Myanmar 


moz_bookmarks Open With DB Browser 
Bookmarks Backups (JSON) 


Firefox @, Bookmarks Backup 60303 9039092000:020(gd0los051 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\bookmarkbackups\ 


7) « aungz >» AppData > Roaming >» Mozilla > Firefox > Profiles > k4eqcux8.default-release >» bookmarkbackups ~ & Search bookmarkbackups 


a Name Date modified Type Size 


1D) pookmarks-2022-11-06_11_GbopKLiSaAEwlZKeb2IhgA== 11/6/2022 4:56 PM JSONLZ4 File 1KB 


BROWSER FORENSICS 


guid title index dateAdded lastModified id typeCode iconUri 

IWm4-rAoN786 Get Help 1667730009028000 1667730009028000|8 |1 fake- = -uri: —s //support.mozi 
_KQZPKTE2Nnxm cases [1 [ern [erp [nrc perien 
aQ6ufe-SX76A — eo 16677300090 i fake-favicon-uri: —— /foowwe.mozilla. 
MXq2FQm1wWWW | About Us eH arrows fake-favicon-uri:https://www.mozilla. 
e00fUrOd59C 16677300090. rs 
menu___ Een p- srr ers p——[ 
ZgjtO3Iowty [Getting Started [oS 1667730009117000__|1667730009117000]72|1_____| fake-favicon-urihhttps://www.mozillag 
toolbar__ footer 1 16srrs000s7 0000 —]166rrs0ooerr7o00)3 [2] 
unfiled__ junfled [3 1667730008710000 _| a es 
mobile [mobile 4 __]166773000874s000_|1667730009003000[6 ]2_[ + 


Open With JSON Viewer 


Cookies (SQLite Database) 


Cookies 60203@0599020002000{gH0lo>051I 
L 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\cookies.sqlite 


Share View 


> ThisPC » Local Disk (C:) >» Users >» DFM >» AppData » Roaming » Mozilla » Firefox » Profiles >» ss8fx4td.default-release 


“~ 


oe Name Date modified Type Size 

e 4 content-prefs.sqlite 11/1/2022 2:54 PM SQLITE File 256 KB 

e | laa cookies.sqlite 11/4/2022 3:38 PM SQLITE File 1,536 KB 

7 |] cookies.sqlite-shm 11/4/2022 8:55AM SQLITE-SHM File 32 KB 
| cookies.sqlite-wal 11/4/2022 10:42 AM SQLITE-WAL File 641 KB 


v 


Database Structure Browse Data Edit Pragmas Execute SQL 


Table: __| moz_cookies 4 g 6 = c=] & cy f=) yy » |Filter in any columr 


value host % 

112 false support.f5.com 

113 c5a0-6295-0f7e-898f-126d-b02b-59eb-5e88 support.f5.com 

114 1665547420511 support.f5.com 

115 1 support.f5.com 

116 59.57626632718041 support.f5.com 

117 2 support.f5.com 

118 eyJhbm9uVXNIckIkIjoiINDMOZTUyZDYtMjk1MSOON...  .f5.com 

119 None api-u.f5.com 

120 R:23|g:822f818a-0d3e-4996-8ac4-93ablaa7f0b... api-u.f5.com 


Cookies.sqlite Open With DB Browser 
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Cache 

en sn fe) Cc qjoc D>) . fe) 
Browser 999¢90) Website ¢co30) 6g009026[036 383 Website co20) 
gEo3aa0] vcoesa[O3Sc0005 8[G:(g§a0§ea006 Browser a2 Cache sa6g§ 


c002§020{gd0los051 


C:\Users\XXX\AppData\Local\Mozilla\Firefox\Profiles\[profilelD].default- 
release\cache2\entries 


C:\Users\XXX\AppData\Local\Mozilla\Firefox\Profiles\[profilelD].default- 
release\startupCache 


are View 


This PC » Local Disk (C:) >» Users >» DFM » AppData >» Local >» Mozilla > Firefox » Profiles >» ss8fx4td.default-release > 


“a 


= Name Date modified Type Size 
11/4/2022 3:42 PM File folder 
|_| jumpListCache 11/3/2022 1:02PM ___ File folder 
es safebrowsing 11/4/2022 3:17 PM File folder 
_. settings 9/30/2022 3:20 PM File folder 
11/4/2022 8:57 AM__File folder 
_, thumbnails 10/27/2022 8:56 AM File folder 


https://tpce.googlesyndication.com 
https://pagead2.googlesyndication.com; script-sre 
https://tpc.googlesyndication.com 
https://pagead2.googlesyndication.com ‘unsafe-eval't ‘unsafe- 
inline'" https://ajax.googleapis.com/ajax/ 
https://s0.2mdn.net/ads/studio/cached_libs/ 
https://storage.googleapis.com/vr-assets— 
static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ 
https://www.gstatic.com/swiffy/; object-sre 
https://tpc.googlesyndication.com 
https://pagead2.googlesyndication.com; style-sre 
https://tpc.googlesyndication.com 
https://pagead2.googlesyndication.com ‘unsafe-eval' ‘unsafe- 
inline" https://ajax.googleapis.com/ajax/ 
https://fonts.googleapis.com; img-srce 


Firefox Cache 


BROWSER FORENSICS 


Form History (SQLite Database) 


. Oo OC c )| c 
Login Form 6020) 08630022020(g0 ODOOII 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\formhistory.sqlite 


ss8fx4td.default-release 
Share View 


a > ThisPC » Local Disk(C:) » Users » DFM » AppData » Roaming » Mozilla > Firefox >» Profiles » ss8fx4td.default-release > 


“w 


¢* Name Date modified Type Size 
s # |_| favicons.sqlite 11/4/2022 3:18PM = SQLITE File 4,256 KB 
s 7 favicons.sqlite-shm 11/4/2022 8:55AM — SQLITE-SHM File 32 KB 
+ [7 favicons.sqlite-wal 11/4/2022 3:47PM = SQLITE-WAL File 2,082 KB 
i formhistory.sqlite 11/4/2022 1:51PM — SQLITE File 256 KB 


11/4/9222 1-54 DM ISON File 1KR 


_ONew Database @ Open Database _ Write Changes Revert Changes glOpen Project 


Database Structure  BrowseData EditPragmas Execute SQL 


Table: _| moz_formhistory v 8B %* ry ha Ed &  S& _~ » '/Filter in any colun 


id fieldname value timesUsed 


1 emailOrUsername aungzawmyo 24: 
2 emailOrUsername azm 

3 emailOrUsername mr.azm 

4 email @gmail.com 


5 searchbar-history youtube 


no uw F&F Ww Ne 
Ke Ww WwW WwW 


6 searchbar-history nginx fail control process exicted error 


Form History Open With DB Browser 


BROWSER FORENSICS 


Addons + Extensions (JSON) 


cg c > : fe) c 
Browser 92 ©op909C:000%0) Addons, Extension Go20)g@O32092000:009 


Cc c 
[gdclos05 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\addons.json 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\extensions.json 


0 
1 
id : browser-mon@xdman.sourceforge.net 


name : XDM Browser Monitor 


sourceURI : https://addons.mozilla.org/firefox/downloads/file/37 10348/xdm_browser_monitor-2.2.xpi 
homepageURL : https://github.com/subhra74/xdm 

supportURL : https://github.com/subhra74/xdm 

description : XDM integration module for Firefox Quantum.This addon should be used with XDM 2018 z 
fullDescription : Xtreme Download Manager is a powerful tool to increase download speed up-to 500%, 


XDM seamlessly integrates with Google Chrome, Mozilla Firefox Quantum, Opera, Vivaldi and many por 


4 JSON 
schemaVersion : 35 
4 addons 

40 
id : xdm-integration-module@subhra74.github.io 
syncGUID : {07917501-f955-4869-bf92-669d1c2b8e3q} 
version : 1.0 
type : extension 
loader : 


Addons, Extension Open With JSON Viewer 
Favicons (SQLite Database) 


¢ . : QoQ 90°C 
Browser o0e§ (@CO00%05 Website 6024, Favicon Image 6020) 2960092009 


Cc c 
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C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\favicons.sqlite 


BROWSER FORENSICS 


Share View 


| > ThisPC » Local Disk (C:) >» Users >» DFM » AppData » Roaming » Mozilla > Firefox >» Profiles > ss8fx4td.default-release 


“~ 


2 ic Name Date modified Type Size 
4 & extensions,json 11/4/2022 8:55 AM JSON File 83 KB 
; [ j favicons.sqlite 11/4/2022 3:18 PM SQLITE File 4,256 KB 
* i favicons.sqlite-shm 11/4/2022 8:55 AM —— SQLITE-SHM File 32 KB 
e i favicons.sqlite-wal 11/4/2022 3:47 PM SQLITE-WAL File 2,082 KB 
Database Structure Browse Data Edit Pragmas Execute SQL | 
Table: |_| moz_icons me | er 6 2 c=y B Ee 4 » |Filter in any column 
icon_url fixed_icon_url_hash width “~ 


3647177991 16 
3647177991 32 
2449391571 
1453533955 16 
1453533955 32 
1503439242 65535 


19 181 https://cdn.sstatic.net/Sites/stackoverflow/Img/... 
20 182 https://cdn.sstatic.net/Sites/stackoverflow/Img/... 
21 183 https://cdn.sstatic.net/Sites/serverfault/Img/appl... 
22 184 https://cdn.sstatic.net/Sites/serverfault/Imq/... 
23 185 https://cdn.sstatic.net/Sites/serverfault/Imq/... 


144 


24 186 https://github.githubassets.com/favicons/... 


Favicons.sqlite Open With DB Browser 
Logins & Passwords (JSON) 
Login and Password 60203 Browser 99 gasa09z000%6 602499 [gdclos05 


Login 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\logins.json 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\logins-backup.json 


10 


BROWSER FORENSICS 


Share View 


> ThisPC >» Local Disk (C:) >» Users » DFM » AppData >» Roaming » Mozilla > Firefox > Profiles >» ss8fx4td.default-release 


“aw 


Name Date modified Type Size 
|] logins.json 10/19/2022 1:19PM JSON File 4KB 
|_|] logins-backup,json 10/12/2022 4:05PM JSON File 3KB 


A 


4 JSON 
nextld : 8 
4 logins 

bO 

41 
id:3 
hostname: htt) :/—_——_—— 
httpRealm : 
formSubmitURL : http://——— 
usernameField : username 
passwordField : password 
encryptedUsername : MDIEEPGAAAAAAAAAAAAAAAAAAAEWFAY IKoZlhvcNAwcECEkm2u7HVjXrBAi0r8DA+5U6tQ== 
encryptedPassword : MDIEEPGAAAAAAAAAAAAAAAAAAAEWFAYIKoZlhvcNAwcECO8MHVoPAWJABA)9xyAlgWEOTw== 
guid : {7fc58771-fabe-4632-8ae2-d8380e738c46} 
encType: 1 
timeCreated : 1664855475988 
timeLastUsed : 1665559378137 
timePasswordChanged : 1664855475988 


Logins.json Open With JSON Viewer 


id:3 

hostname : http:// 

httpRealm : 

formSubmitURL : http:/ 

usernameField : username 

passwordField : password 

encryptedUsername : MDIEEPGAAAAAAAAAAAAAAAAAAAEWFAY IKoZlhvcNAwcECEkm2u7HVjXrBAi0r8DA=5U6tQ== 
encryptedPassword : MDIEEPGAAAAAAAAAAAAAAAAAAAEWFAY IKoZI hvcNAwcECO8MHVoPAWJABA)9xyAlgWEOTW== 
guid : {7fc58771-fabe-4632-8ae2-d8380e738c46} 

encType : 1 

timeCreated : 1664855475988 

timeLastUsed : 1665559378137 

timePasswordChanged : 1664855475988 

timestised : 11 


Logins.backup.json Open With JSON Viewer 


11 


BROWSER FORENSICS 


Passwords 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\key4.db (New Version) 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\key3.db (Older Version) 


Share View 


« Local Disk (C:) » Users » DFM > AppData >» Roaming » Mozilla > Firefox » Profiles > ss8fx4td.default-release 


“A 


¢* Name Date modified Type Size 
¢ |) key "40/11/2022 3:44PM Data Base File 288 KB. 
o logins,json 10/19/2022 1:19PM JSON File 4 KB 
a i logins-backup.json 10/12/2022 4:05PM JSON File 3 KB 
“a om 6 . a2 ne emmme oe mee om mes ame = oom 


Database Structure BrowseData EditPragmas Execute SQL 

Table:| |_| metaData 8 3% B28 &B 4 »fFiterinanycoum 
id item1 item2 

password 

sig_key_1741bSaf_00000011 

sig_cert_33df6a88_ce536360 

sig_cert_33df6a88_ce53635a 

sig_cert_33df6a88_ce5363b4 

sig_cert_33df6a88_ce53635b 

sig_cert_33df6a88_ce5363b5 


— 


an OD WwW & Ww NW 


K4.db Open With DB Browser 


a2 


Sessions Data (JSON) 


. je) c c c 
Browser Session 60203@0920020002002[{gH0lo>05iI 


ley Qo co ec Se) c . . fe] 2) c 
J]§or BasGasegecSayé Sessionstore-backup File a302(§: Restore aodar0 
L U et Look L 


ae) 


ge 


Cc c 
Eolov05i 


BROWSER FORENSICS 


Investigation code 
g PUSS 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\sessionstore-backups\ 


Share View 


| >» ThisPC >» Local Disk (C:) >» Users » DFM » AppData » Roaming » Mozilla > Firefox » Profiles >» ss8fx4td.default-release » sessionstore-backups 


a 


#¢ Name Date modified Type Size 
7 11/6/2022 2:13PM — JSONLZA4 File 2 KB 
” recovery. baklz4 ° 11/6/2022 2:44 PM BAKLZ4 File 22 KB 
of | recovery 11/6/2022 2:44PM JSONLZ4 File 22 KB 
- ] ej 11/1/2022 4:43PM = JSONLZ4-2022103... 426 KB 
11/4/2022 8:54AM = JSONLZ4-2022110... 51 KB 
: 11/6/2022 2:13PM = JSONLZ4-2022110... 2 KB 
tio! 
File 
4 JSON 
b version 
> windows 
selectedWindow : 0 
_closedWindows 
> session 
global 
> cookies 
Filter by type: | https://accounts.google« 
oauth2cs::https; itent.com 


oogle.com“ partitionKey=%28https%2Cfile-extensions.org%29 
|) —————T ttps://nasbench.medium.com 

https://www.google.com 

https://www.google.com*“ partitionKey=%28https%2Cfile-extensions.org%29 
https://www.google.com* partitionKey=%28https%2Cfileinfo.com%29 
originAttributes 

presState 


Open With JSON Viewer 
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BROWSER FORENSICS 


Downloads (SQLite Database) 
Firefox oo6$ Download [g)e95c00303 File 60203@0500930003020[gbdloo05i 


\ 


. . e) C¢ 
Places.sqlite File osane moz_annos Table COEDS bloooSi 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\places.sqlite 


Users > aungz » AppData » Roaming » Mozilla > Firefox » Profiles » k4eqcux8.default-release 


es Name - Date modified Type Size 
|_| ExperimentstoreVatajson llf/o/ dude 4:49 PM JOUN File I KB 
Lj extension-preferences.json 11/6/2022 5:30 PM JSON File 2 KB 
Lj extensions.json 11/6/2022 5:30 PM JSON File 60 KB 
Lj favicons.sqlite (2022 6:48 PM SOLITE File 5,120 KB 
Lj formhistory.sqlite 22 6:33 PM SOLITE File 256 KB 
| ‘| handlers.json 11/6/2022 4:49 PM JSON File 1KB 
[2] key4 11/6/2022 5:21 PM Data Base File 288 KB 
| ‘| logins.json 11/6/2022 5:23 PM JSON File 1KB 
Li logins-backup.json 11/6/2022 5:21 PM JSON File 1KB 
Lj parent.lock 11/6/2022 6:50 PM LOCK File OKB 
Lj permissions.sqlite 11/6/2022 6:33 PM SQLITE File 96 KB 
=] pkes11 11/6/2022 4:49 PM Text Document 1 KB 
rece] 


Database Structure Browse Data Edit Pragmas Execute SQL 


Table: |_| moz_annos nn a a ray B a ss 4g [Fitter in any column 
anno_attribute_id content flags expiration type dateAdded lastModified 
[Filter [Filter [Filter [Fitter [Fitter [Fitter [Filter 

1 1 file:///C:/Users/aungz/Downloads/USB_Printer_Controller_Utility_Windows_1479888897042h.zip 0 4 3 

2 2 {"state":1,"deleted":false,"endTime":1667731403436, "fileSize":14951525} i) 4 3 

3 1 file:///C:/Users/aungz/Downloads/TL-WR1043ND_v1_130428.zip 0 4 3 1667731526900000 1667731526900000 
4 2 {"state":1,"deleted":false,"endTime":1667731538579, "fileSize":4659280} 0 4 3 1667731538591000 1667731538591000 
5 1 file:///C:/Users/aungz/Downloads/TL-WR1043ND_V3_151021_US.zip it) 4 3 1667731593387000 1667731593387000 
6 2 {"state":1,"deleted":false,"endTime":1667731604403, "fileSize":5136688} 0 4 3 1667731604418000 1667731604418000 
ye 1 file:///C:/Users/aungz/Downloads/openwrt-22.03.2-ath79-generic-tplink_tl-wr1043nd-v1-squashfs-... 0 4 3 1667731712707000 1667731712707000 
8 2 {"state":1,"deleted":false,"endTime": 1667731732376, "fileSize":8126464} 0 4 3 1667731732390000 1667731732390000 
9 1 file:///C:/Users/aungz/Downloads/OperaSetup.exe 0 4 3 1667732137553000 1667732137553000 
10 1 file:///C:/Users/aungz/Downloads/OperaSetup(1).exe 0 4 3 1667732138790000 1667732138790000 
11 2 {"state":3,"deleted":false,"endTime": 1667732140623} 0 4 3 1667732140628000 1667732140628000 
12 2 {"state":1,"deleted":false,"endTime": 1667732168135, "fileSize":2796928} it) 4 3 1667732168166000 1667732168166000 
13 1 file:///C:/Users/aungz/Downloads/HlaTaMain_Ditionary.pdf it) 4 3 1667735740036000 1667735740036000 
14 1 file:///C:/Users/aungz/Downloads/ManyWriters_ReadingAndHighPerson.pdf it) 4 3 1667735757143000 1667735757143000 


Places.sqlite File (moz_annos Table) 
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BROWSER FORENSICS 


Thumbnails 


Website gGodaadlgo (g§a0§eae06 go500020) Thumbnails Image 60208 


602 &éolos05i 
8. 


C:\Users\XXX\AppData\Local\Mozilla\Firefox\Profiles\[profilelD].default- 
release\thumbnails 


LI « Users > aungz >» AppData » Local » Mozilla > Firefox » Profiles >» k4eqcux8.default-release » thumbnails 


Prox a 
ts d = 


69833fcSeb58fb7 abcc2eeab03d17 cb633e99e6e2026 fe154971b3b9998 
iienelies c4a8e6e3f7bbaad b6f5832374a82c5 aa7laad4dbd50d f6df52822fec885c 
ee eld 42d 9 
ructio! 


Thumbnails Image 


Note - Firefox Version saecl gorp5(G: File ¢eqoco3 g2095603 @[goézod 
oosolozuSi Version @[goéza30:6069 dlqoos Artifacts cog02602) sa20ROP 
dldu eg005005 Commercial Tools § 603395192 Browser Version 
sae[(goE:aacde(ajoég oq], SqIOIGOROS eecl op238000 (gEéqgo[gdclooe5u 
Commercial Tools o> Browser Version gae(goE:sacdgo oq], 39Q|09390005 


60308 Browser Version e[gozodeaa03é: Up To Date ecops8éorse(j0E0 


Firfox @9 Sync 330309 Account o€coo2g saG0r2EG03999.03 History, 
Bookmarks ©02260309 a7§03 Account 602439 338aa6022G603900] Syn 
Data opoloresi 


as 


BROWSER FORENSICS 


Google Chrome (Version 105.0.5195.127 - X64) 
Profile Path 


Chrome Profile Data § sa8acq 703 Artifacts cogdloédlosu5 


C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default 


This PC >» Local Disk (C:) >» Users >» aungz >» AppData » Local » Google » Chrome » UserData >» Default > 


~ 


E Name Date modified Type Size 
fa Accounts 9/15/2022 11:26 AM File folder 
Gh AutofillStrikeDatabase 11/6/2022 4:39 PM File folder 
|) blob_storage 11/6/2022 4:38 PM File folder 
|_| BudgetDatabase 11/6/2022 4:39 PM File folder 
B Cache 2022 12:45 AM File folder 
|| Code Cache File folder 
fa coupon_db File folder 
|_| databases File folder 
a Download Service 9/13/2022 12:37 PM File folder 
fa Extension Rules 11/6/2022 4:59 PM File folder 
G Extension Scripts 11/6/2022 4:59 PM File folder 
G Extension State 11/6/2022 6:09 PM File folder 
|| Extensions Ze File folder 
|| Feature Engagement Tracker 42: File folder 
|) GCM Store /2 File folder 


Navigation History + Downloads + Search History (SQLite Database) 


Database Structure Browse Data Edit Pragmas Execute SQL 


table:[Jus I SS BB BS 4 >» fiterin any coum] 
id url title ie 


Filter [Fitter [Filter 


https://accounts.google.com/signin/chrome/sync... _©20290305:0E0) - Google Acco 


https://accounts.google.com/signin/chrome/sync... c003e03c:0E0) - Google Acco 


1 
= 
3 https://info.url.cloud.360safe.com/chrome64/... 360 Security Center 

4 https://accounts.google.com/signin/v2/challenge... cooeonce:0€0) - Google Acco 
5 https://accounts.google.com/signin/v2/challenge... ©202¢0203:0€0l - Google Acco 
6 https://accounts.google.com/signin/v2/challenge... ©202902c0:0E0l - Google Acco 
7 


https://accounts.google.com/signin/v2/ challenge... c005e030o:0E0) - Google Acco 


vy 7 UW fF WN & 


Navigation History 
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BROWSER FORENSICS 


Database Structure BrowseData EditPragmas Execute SOL 


races OO BS RS BS A >fenavatm 


id guid current_path 

13. 16 8fe7515a-b234-48fe-alfd-fe4Scb93b8aa ©: \Users\aungz\Downloads\s@1 220yo21 o: 
14-17 f0501117-a254-4529-9b59-19b33743b391 C:\Users\aungz\Downloads\771 acdosa02:¢ 
15 18 ac75ddbc-43e2-4fa2-8027-88f5e0d96708 C:\Users\aungz\Downloads\¢o1 wg) Og2 
16 19 a49f2181-8f67-4044-9736-c5cc8126a341 | C:\Users\aungz\Downloads\s |91 coscozwe 
17 20 8c298abe-0013-48a9-80cc-0f5d443979f3 | C:\Users\aungz\Downloads\s0@1 qan02! ¢ 
18 21 1e613ca2-b474-4c18-a245-7dad33de7650 C:\Users\aungz\Downloads\s001 339 (qc 
19 22 7e3e23a7-9691-4062-b65b-5c23f9450078 C:\Users\aungz\Downloads\3091 sad:60q9 
20 25 48342fd3-cf5c-4f39-9168-fb4910f8a19d = C:\Users\aungz\Downloads\1665714152_N 
21 26 7c7010e8-08b2-409c-8ce6-577135d65b3a C.... 

22 27 4c373a6a-6d81-4e50-901b-c8f2b29c3c3a C:\Users\aungz\Downloads\1665565132_L 


Download History 


_GNew Database Open Database — {i Write Changes @Revert Changes - (Open Project | 


Database Structure BrowseData EditPragmas Execute SQL 


Totten] SS > RA) BR S| A >fenacaml 


A 


keyword_id  url_id term I 
131 2 928 MCT welcome kit myanmar met welcome kit 
132 29 928 MCT welcome kit myanmar met welcome kit 
133 2 931 mct welcome kit burma met welcome kit t 
134 29 931 mct welcome kit burma met welcome kit | 
135 2 934 S2GoGvUNGoq\or[G 2021 meocvuncoqu 
136 29 «+934 meocouneoqur[s 2021 gGOGLUNGOQU 
137 2 935 260 eune[u yp: mp3 download G0 eune[p o 
138 29 «935 G0 eune[u & gp: mp3 download G0 eune[a o 


Search History 


BROWSER FORENSICS 


Cookies [SQLite Database] 


C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Network 


Local Disk (C:) >» Users >» aungz >» AppData » Local >» Google » Chrome > UserData > Default >» Network 


“a 


ie Name Date modified Type Size 
‘{ Cookies 11/6/2022 10:22PM _—_=séFrile 416 KB 
| | Cookies-journal 11/6/2022 10:22 PM File OKB 
| '] Network Persistent State 11/6/2022 10:16 PM File 58 KB 
| '| NetworkDataMigrated 9/13/2022 12:37 PM File OKB 
|] Reporting and NEL 11/6/2022 9:57 PM File 192 KB 
i Reporting and NEL-journal 11/6/2022 9:57 PM File OKB 
| | TransportSecurity 11/6/2022 9:57 PM File 57 KB 


Database Structure Browse Data Edit Pragmas Execute SQL 


ieee MS 8 2|\88 8 S| 4 >fenaycm| 
creation_utc host_key top_frame_site_key nee 

76 13310817159385218 login.microsoftonline.com AADSSOTILES 

77 13310817169502850 .login.microsoftonline.com ESTSAUTHPERSIS 

78 13310817159385119 login.microsoftonline.com ESTSSSOTILES 

79 13310817161771898 .login.live.com IgnoreCAW 

80 13310813166636483 portal.azure.com MSFPC 

81 13310812977775605 .login.microsoftonline.com brcap 

82 13310817169503048 login.microsoftonline.com buid 


Cookies Open With DB Browser 
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BROWSER FORENSICS 


Cache 


C:\Users\XXX\AppData\Local\Google\Chrome\UserData\Default\Cache\ 
Cache_Data 


« Users >» aungz >» AppData » Local » Google » Chrome » UserData » Default » Cache » Cache Data 


“~ 


“ Name Date modified Type Size 
||| data_0 11/7/2022 10:46 AM File 512 KB 
|] data 11/7/2022 10:46 AM File 7,688 KB 
“| data_2 11/7/2022 10:12 AM File 12,296 KB 
[| data_3 11/7/2022 10:43 AM File 110,600 KB 
[ || £.00000a 9/21/2022 12:45 AM File 42 KB 
[| £.00000c 9/21/2022 12:45 AM File 96 KB 
| | £.00000d 9/21/2022 12:45 AM File 42 KB 
| | £.000a4a 10/28/2022 4:24 PM File 180 KB 
[| £.000a4b 10/28/2022 4:24 PM File 87 KB 
Bookmarks [JSON] 


C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Bookmarks 


C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak 


This PC » Local Disk (C:) >» Users » aungz » AppData » Local » Google » Chrome » UserData » Default 


S Name Date modified Type Size 
__] Bookmarks 11/1/2022 7:18 PM File 198 KB 
| | Bookmarks.bak 10/14/2022 9:57 AM BAK File 197 KB 
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BROWSER FORENSICS 


4 JSON 
checksum : 8a92ac9c387604e4c3c9ab37ff8569bc 
4 roots 
4 bookmark_bar 
b children 
date_added : 13307690553733705 
date_modified ; 13310191665743714 
guid ; Obc5d13f-2cba-5d74-95 1f-3f233fe6c908 
id:1 
name : Bookmarks bar 
type : folder 
b other 
b synced 
sync_metadata : CtYBCrUBCIiBAHKUARJSCAISTgoGCgJibRABEDMaEgmAB8wVaOwFACGAB8wVaOwFACIUCVS8TiFo7 AUAEAEZOCoILTBI1jEyGAoWCAIRLg 12) WjsE 
version: 1 


Filter by type: | children . 


dateadded guid id name 
13185003747735399 | 8223e664-3ee6-44ef-aaad-8d4e750c17a5 | 28 |Get started on Medium A 
13185004770024940 | 0e1738d6-9854-4118-9494-243a3047a9a6 129 | Find My Facebook ID - Personal numeric ID 


13185006153890510 | 004b 1cac-b527-457e-b765-b9a8209b5947| 30 | OSINT Framework 

13185526766819302 | 76273df7-b686-4d3b-9aaf-4826f428311c |31 |KitPloit - PenTest Tools for your Security Arsenal @): Windows 
13185644308544683 | 04a4052-deee-4c88-act7-328d11d83228 [32 |illmob - make shit, break shit, do shit. 

13185650476229376 CiberPatrulla - Repository of links to OSINT Tools 
13185880761245798 | b405a62c-0563-4391-b0d8-518a76122972| 34 | DFIR Tools 


Bookmarks.json With JSON Viewer 


File 
4 JSON 
checksum : 8a92ac9c387604e4c3c9ab37ff8569bc 
> roots 
sync_metadata : Cv4BCtOBCIiBAhLWARISCAISOAoGCqJibRABEDMaEgmAzbSNCOkFACGAzbSNCOKFADIYChYIAhEV3 1 ueCOkFABGAIQAAAAAAAAAAEiwIiAhi4 
version : 1 
Filter by type: children vs 
dateadded guid id name 


13184994284358975 | 2e32a1c6-d87a-4201-96c7-3f5e67a8b75e |25 |OSINT Search Tool by IntelTechniques | Open Source Intelligence 
13184995113434481 OSINT Q, STASH 

13184998355615016 27 |Rocket.Chat 

13185003747735399 28 |Get started on Medium 

13185004770024940 | 0e1738d6-9854-4118-9494-243a30479a6 | 29 | Find My Facebook ID - Personal numeric ID 
13185006153890510 | 004b 1cac-b527-457e-b765-b9a820965947| 30 | OSINT Framework 

13185526766819302 | 76273df7-b686-4d3b-aaf-4826f428311¢ |31 |KitPloit - PenTest Tools for your Security Arsenal @): Windows 
13185644308544683 | 0a424052-deee-4c88-act7-328d11d83228 | 32 |illmob - make shit, break shit, do shit. 

13185650476229376 CiberPatrulla - Repository of links to OSINT Tools 


Bookmarks.bak With Json Viewer 
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BROWSER FORENSICS 


Forem History (SQLite Database) 


C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Web Data 


« aungz >» AppData >» Local » Google » Chrome » UserData » Default v ® O Search Default 
ui Name ° Date modified Type Size 

‘u ‘| Shortcuts-journal 11/6/2022 5:52 PM File OKB 
| Top Sites 11/6/2022 5:53 PM File 20 KB 
LI Top Sites-journal 11/6/2022 5:53 PM File 0 KB 
|_|] Trusted Vault 11/6/2022 4:38 PM File 1KB 
or ") Visited Links 11/2/2022 6:08 PM File 128 KB 
| '] Web Data 11/6/2022 8:41 PM File 448 KB 
v | | "| Web Data-journal 11/6/2022 8:41 PM File OKB| 


Database Structure Browse Data Edit Pragmas Execute SQL 


Table:| || eutof A722 +/@8\/8 8| >feme 


~ 


name value 
[Fitter [Filter 


25 = fullname 


26 search 
27 @q aung zZaw myo . 


28 keywords mobile 


29 phone : ae 


30 __azc-textBox-tsx9 —_—_—_— - 
31 = nationality Myanmar 
32 # viewer-url-input https://photographylife.com/wp-content 


Web Data.SQLite Open With DB Browser 


Favicons (SQLite Database) 


C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Favicons 


i « aungz >» AppData » Local » Google » Chrome » UserData » Default v 2 Search Default 
acku “ Name ° Date modified Type Size 
acku | Lj Favicons 11/6/2022 9:57 PM File 1,344 KB. 
[|] Favicons-journal 11/6/2022 9:57 PM File OKB 
[x] Google Profile Picture 11/6/2022 4:38 PM PNG File 58 KB 
© Google Profile 11/6/2022 4:38 PM Icon 188 KB 
**SOF [3] heavy_ad_intervention_opt_out 10/19/2022 3:16 PM Data Base File 16 KB 
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BROWSER FORENSICS 


—_ — vere wee —_ 


New Database @ Open Database ~ | -eiWrite Changes Z Revert Changes (Bopen Project 


Database Structure Browse Data Edit Pragmas Execute SQL 


Tae: favcone 18% 3|Q8\R B|* > femal 


A 


id url icon_type 
1 https://www.google.com/favicon.ico 
2 https://www.360.cn/favicon.ico 
3 https://www.google.com/gmail/about/static-2.0/... 


4 http://www.yudeonline.edu.mm/images/yude.ico 


uw £& WwW N F& 
a 


8 https://portal.azure.com/Content/favicon.ico 


Facvicons.SQLite Open With DB Browser 


Logins (SQLite Database) 


C:\Users\XXX\AppData\Local\Google\Chrome\UserData\Default\Login Data 


< aungz » AppData » Local >» Google » Chrome » UserData » Default v & O Search Defaul 
nal Name ° Date modified Type Size 
tu |] Loc 11/6/2022 4:39 PM File OKB 
_] LOG.old 11/2/2022 5:25 PM OLD File OKB 
| |_|] Login Data 11/6/2022 8:41 PM File 328 KB 
| Login Data For Account 9/13/2022 12:37 PM File 46 KB 
a |] Login Data For Account-journal 9/13/2022 12:37 PM File OKB 


Database Structure Browse Data Edit Pragmas Execute SQL 


Table:| |_| Ilegins JS B82 > & @ B B 4& _ »[Fiterin any column] 
origin_url action_url ts 

1 http:// —eeee |) / . 

2 http://rocket.forensicsmyanmar.com:3000/ 

3 http://rocket.forensicsmyanmar.com/ 

4 https://portal.azure.com/ 


Login Data Open With DB Browser 


BROWSER FORENSICS 


Sessions (Folder) 


C:\Users\XXX\AppData\Local\Google\Chrome\UserData\Default\Sessions 


>» AUNG ZAW MYO >» AppData » Local >» Google » Chrome > UserData >» Default > Sessions 


“~ 


ae Name Date modified Type Size 
Fe i Session_13312219546669237 11/6/2022 11:53 PM File 55 KB 
LI Session_13312266059876347 11/7/2022 10:12 AM File 16 KB 
. i Tabs_13311860077427283 11/2/2022 6:13 PM File 209 KB 
of 7 Tabs_13312202934493691 11/6/2022 11:53 PM File 257 KB 
¢ 
? 


Session Tabs Report Preview 

| Last Visited Tab Last Accessed Session Last Updated Title URL Referrer Web Browser (Profile) 
11/07/2022 04:14:38 New Tab chrome;//newtab/ Chrome (Profile 1) 
11/07/2022 04:14:38 New Tab chrome;//newtab/ Chrome (Profile 1) 

9 {11/07/2022 041437 httpsy//www.google.com/chror Chrome (Profile 1) 

9 | 1707/2022 041437 Google Chrome - Download th |https://www.google.com/chror Chrome (Profile 1) 

9 | 1707/2022 041437 Google Chrome - Download th | https://www.google.com/chror Chrome (Profile 1) 

9 {1707/2022 041437 Google Chrome - Download th |https://www.google.com/chror Chrome (Profile 1) 


Addons & Extensions (Folder) 


C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions 


| « Users >» aungz >» AppData >» Local » Google » Chrome » UserData » Default >» Extensions > 


“~ 


A Name Date modified Type Size 

° ’ a amfnegileeghgikpggcebehdepknalbf 9/15/2022 11:27 AM File folder 
. __| bmejphbfclcpmpohkggcjeibfilpamia 9/15/2022 11:28 AM File folder 
caciad __ bnjglocicdkmhmoohhfkfkbbkejdhdge 9/27/2022 1:01 PM File folder 
is # ny cfmnkhhioonhiehehedmnjibmampjiab 10/21/2022 2:33 PM File folder 
its # __| cknebhggccemgcnbidipinkifmmegdel 11/1/2022 7:15 PM File folder 
# G dkckaoghoiffdbomfbbodbbgmhjblecj 9/15/2022 11:28 AM File folder 

L4 eedigdlajadkbbjoobobefphmfkcchfk 11/1/2022 7:15 PM File folder 

in efbjojhplkelaegfbieplglfidafgoka 9/15/2022 11:28 AM File folder 
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BROWSER FORENSICS 


File 

4 JSON 

background 

browser_action 

commands 

content_scrais 

cso] cya ooo tre and organize online data for your investigations. Requires the Hunchly app (https://www.hunch.ly) 
icons 

key : MIIBIJANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2noU9cjor9QIi1 dAd2+qNCLYRNXxVLD+PG+01vzUzf09RRz50m TFO3bGpfagbjG/r 
manifest_version : 2 

name : Hunchly 2.0 


File 

4 JSON 

background 

browser_action 

content_scripts 

description : The Official Wayback Machine Extension - by the Internet Archive. 
homepage_url : https://archive.org/ 

icons 

key : MIIBIFANBgkghkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3awwK/MTAQBgRH7kebeUmNpU3jtbL7Q9ekNXSGPBATu! 
manifest_version : 2 

name ; Wayback Machine 

permissions 

update_url : https://clients2.google.com/service/update2/crx 

version : 3.1 

web_accessible_resources 


Addons & Extension Open With JSON Viewer 


Top Sites, Thumbnails (SQLite Data Base) 


C:\Users\XXX\AppData\Local\Google\chrome\User Data\Default\Top Sites 


This PC > Local Disk (C:) >» Users >» aungz » AppData » Local >» Google » Chrome » UserData » Default 


“ Name ° Date modified Type Size 
| |} PreferredApps 9/13/2022 12:37 PM File 1KB 
L Secure Preferences 11/7/2022 10:11 AM File 77 KB 
|] Shortcuts 11/6/2022 5:52 PM File 68 KB 
L Shortcuts-journal 11/6/2022 5:52 PM File OKB 
| i Top Sites 11/6/2022 5:53 PM File 20 KB 
. L} Top Sites-journal 11/6/2022 5:53 PM File OKB 


ry oes 
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BROWSER FORENSICS 


Database Structure Browse Data Edit Pragmas Execute SQL 


Table:| | top_sites Ss BS + & @ S&B SB 4» 'fRiterinany column 
url irl_rank title 

1 https://mcp.microsoft.com/ a 2 

2 https://www.google.com/gmail/ 8 Gmail: Private and secure email z 

3. https://www.linkedin.com/feed/ 7 Sign Up | LinkedIn 

4 _https://accounts.google.com/AddSession?... 6 < a 7 ° ©) - Google Accour 

5 https:/,"* : =| has 

6 http://.... °° > ee ae 4 °°" aoa 

7 https://www.blogger.com/blog/posts/... 3 Blogger: Posts 

8 https://www.forensicsmyanmar.com/ 2 Digital Forensics Myanmar 

9 https://v.. ny 1) L ~~ cseccgreereens 

10 https://p ~~ — 0 Redirecting 


Top Sites Open With DB Browser 


Chrome Profile (1) 
0260005808 Chr 5 58 5 al 5 : 6 
. ome 92 Syn 0Q320205 slgeUD0d ga[gozaacod 


899390205 232008 Profile ¢ 08 (8: codc8acloo0S sloxcoxs g9053{g 
it 08 . $ 08 eT 28} 3 i° [ 


¢ 


i | c : loRy Ic 
993860! 029501000511 Analysis 380C202609) 3a0R0D0I0II 


OD 
‘\ 
OD 
*~ il iL 


C:\Users\XXX\AppData\Local\Google\Chrome\User Data\{profile}\History 


Chrome MAC OS 


/Users/{username}/Library/Application Support/Google/Chrome/Default/History 


Users/{username}/Library/Application Support/Google/Chrome/{profile}/History 
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BROWSER FORENSICS 


This PC > Local Disk (C:) > Users >» aungz > AppData >» Local >» Google >» Chrome > UserData > Profile 1 > 


~ 


at Name Date modified Tre Size 
/ || Accounts 11/7/2022 10:12 AM File folder 
B AutofillStrikeDatabase 11/7/2022 10:12 AM File folder 
11/7/2022 10:12 AM File folder 
11/7/2022 10:12 AM File folder 
11/7/2022 10:11 AM File folder 
11/7/2022 10:11 AM File folder 
’ 11/7/2022 10:12 AM File folder 
11/7/2022 10:13 AM File folder 
11/7/2022 10:11 AM File folder 
11/7/2022 10:11 AM File folder 
11/7/2022 10:11 AM File folder 
+ 11/7/2022 10:12 AM File folder 
11/7/2022 10:11 AM File folder 


Who's using Chrome? 


With Chrome profiles you can separate all your Chrome stuff. Create 
profiles for friends and family, or split between work and fun. 


dfm Person 1 Add 


«' + 
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BROWSER FORENSICS 


Microsoft Edge (Version 106.0.1370.52 X64) 


Profile Path 


C:\Users\XXX\AppData\Local\Microsoft\Edge\User Data\Default 


j > ThisPC >» Local Disk (C:) >» Users >» aungz » AppData » Local >» Microsoft » Edge » UserData » Default 


a Name . Date modified Type Size 
iB Asset Store 9/14/2022 1:37 PM File folder 
|_| AssistanceHome 9/14/2022 1:37 PM File folder 
iB AutofillStrikeDatabase 11/7/2022 1:06 PM File folder 
O blob_storage 11/7/2022 1:06 PM File folder 
sor 
|_| BudgetDatabase 11/7/2022 1:06 PM File folder 
a Cache 11/3/2022 8:20 PM File folder 
Code Cache 9/12/2022 11:21 PM File folder 
iB Collections 9/13/2022 12:31 PM File folder 
Other Profile 
Cc e_o . co iy iy C 
oroar05cQ Microsoft Edge 99 Syn o90Q330209 gle@ur0d ga[gozaacnd 
02899390209 232008 Profile ¢ 08 (8: odaqdlocuSi_ slaoeor9 39053{g 
it 8 7 § 8 mane | 24] cs t° L 
~ So] ¢ . Qc, Ic 
09993960! @OD99010205II Analysis BBOC2NICOIP BBOODCIOII 


This PC >» Local Disk (C:) » Users >» aungz » AppData » Local » Microsoft » Edge » UserData > 


“ Name ° Date modified Type Size 
[| Nurturing 9/14/2022 1:37 PM File folder 
i OriginTrials 9/13/2022 12:33 PM File folder 
in| PnaclTranslationCache 11/3/2022 1:02 PM File folder 
| Profile 1 - 11/7/2022 1:06 PM File folder 
[ Profile 2 11/7/2022 1:06 PM File folder 
Lj Profile 3 11/7/2022 1:06 PM File folder 
Reravandmneniad 0/12/2N2? 12-A2 DAA File folder 
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BROWSER FORENSICS 


History (SQLite Data Base) 


C:\Users\aungz\AppData\Local\Microsoft\Edge\User Data\Default\History 


Download Data 


Database Structure Browse Data Edit Pragmas Execute SQL 


Table:| |_| downloads 18 %3* B28 BS &w ® ° fiteinanycum 
id guid current_path target_path 

[Filter [Filter [Filter [Filter 
1 114 5cb22bfc-6383-4dfb-8af7-bd8b6fe42f79 —_C:\Users\aungz\Downloads\diskeditor-... C:\Users\aungz\Downloads\diskeditor-... 
2 115 8e784073-7ea0-4a02-9eca-1a37adec1881 C:\Users\aungz\Downloads\diskeditor-... C:\Users\aungz\Downloads\diskeditor-... 
3 116 b720fc12-542a-4c8a-878e-fc3ca87cf88c —_C:\Users\aungz\Downloads\diskeditor-... C:\Users\aungz\Downloads\diskeditor-... 
4 117 4f707aa7-0fb1-47bb-8ef5-9907fbb42201 C:\Users\aungz\Downloads\Mobaxterm-v22.1.rar _C:\Users\aungz\Downloads\Mobaxterm-v22.1.rar 
5 118 3ba5e680-ee3d-4edd-a8a3-c49ceb683f07 C:\Users\aungz\Downloads\VMware-... C:\Users\aungz\Downloads\VMware-... 


Download Data 
Keyword Search 


Database Structure Browse Data Edit Pragmas Execute SQL 


Table: |__| keyword_search_terms ia E=y B i a|H bg [Filter in any column 


keyword_id  url_id term normalized_term 
[Filter [Filter [Filter [Filter 
1 2 3 belkasoft portable case viewer belkasoft portable case viewer 
2 2 7 oxygen forensics case example oxygen forensics case example 
3 2 15 goog goog 
4 6 21 oxygen forensics case example oxygen forensics case example 
5 2 24 nist forensics example file nist forensics example file 
6 2 30 nist digital forensics example file nist digital forensics example file 


Keyword Search 


URL 


Database Structure Browse Data EditPragmas Execute SQL 


‘able:| || urls v =] 6 ff cy B a ry y &) ba Filter in any column 

id url title visit_count +1 typed_count last_visit_time hidden 

Filter [Filter [Filter [Filter Filter Filter Filter 
z 430 https://www.elcomsoft.com/. Check your registration key status | Elcomsoft ... 23 5 13311957495096428 it) 
2 407 https://github.com/subhra74/xdm#downloads GitHub - subhra74/xdm: Powerfull download ... 15 0 13311918300600639 0 
3 1438 https://mail.google.com/mail/u/0/?pli=1#inbox 060) =~ ” 14 0 13312265994808595 0 
4 441 https://accounts.google.com/AccountChooser/... Gmail 13 0 13312266659877275 0 
5 442 https://accounts.google.com/AccountChooser?... Gmail 13 0 13312266659704212 0 
Visit URL 


28 


BROWSER FORENSICS 


Bookmarks (File) 


C:\Users\aungz\AppData\Local\Microsoft\Edge\User 
Data\Default\bookmarks 


C:\Users\aungz\AppData\Local\Microsoft\Edge\User 
Data\Default\bookmarks.bak 


| > ThisPC > Local Disk(C:) > Users > aungz » AppData » Local » Microsoft » Edge » UserData » Default > 


“a 


“ Name Date modified Type Size 
|) Webdtorage y/ 14/2u22 1:37 PM rile tolder 
Lj arbitration_service_config.json 11/7/2022 1:06 PM JSON File 5 KB 
([) Bookmarks 11/6/2022 4:42 PM File 5KB 
sor__ _|_] Bookmarks.bak 11/3/2022 4:16 PM BAK File 5 KB 
Lj Bookmarks.msbak 11/6/2022 4:42 PM MSBAK File 5 KB 
3, { 


“date_added": "13311795495672717", 
“date_last_used": "13312203136833242", 
“guid”: “2ccda@ef-f435-4bc8-bfd5-327570d7777c", 


"Ga": "Bg" 
"name": "INTERPOL DFEG 2022" 


“show_icon": false, 
"source": “user_add", 
“type"™: “url”, 
“url”: “https://dfeg.nfsu.ac.in/" 
}, { 
“date_added": "13311935880882105", 
“date_last_used": "@", 
“guid”: “fb62c679-5214-4F06-9c5e-3cfbc923F018", 
"id": “10", 
“name": “eift_20220429 infograph.png (2000x1436)", 
“show_icon"™: false, 
“source”: “user_add", 


“https: //www.elcomsoft.com/wallpapers/eift 20220429 infograph. 


Open With Text Editor 
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Extension & Addons (Folder) 


C:\Users\XXX\AppData\Local\Microsoft\Edge\User Data\Default\Extensions 


This PC » Local Disk (C:) >» Users >» aungz » AppData » Local » Microsoft » Edge » UserData > Default 


“~ 
“ Name Date modified Type Size 
|) Extension state lif é/2udé 1:40 PM File tolder 
Extensions 11/7/2022 1:40 PM File folder 
Feature Engagement Tracker 9/13/2022 12:16 PM File folder 
File System 11/3/2022 3:03 PM File folder 
4 JSON 
b> background 
> browser_action 
» commands 
description XDM is an open source download manager 
b> icons 


key : MIIBJANBgkqhkiG9Qw0BAQEFAAOCAQS8AMIIBCgKCAQEA4BiIZhGjOlpqcE94AY83i2tkNGGtqlO9EHmMpV79awrSvqvDKS pK: 
manifest_version : 2 
minimum_chrome_version : 18.0 
name : XDM Browser Monitor 
b permissions 
update_url : https://edge.microsoft.com/extensionwebstorebase/v1/crx 
version ; 2.1 


Open With JSON Viewer 


Login (SQLite Database) 


C:\Users\XXX\AppData\Local\Microsoft\Edge\User Data\Default\Logins 


>» ThisPC >» Local Disk (C:) » Users » aungz » AppData » Local » Microsoft » Edge » UserData » Default 


A 
“a 


Name Date modified Type Size 

‘a LOG 11/7/2022 1:25 PM File OKB 

C4 LOG.old 11/7/2022 1:03 PM OLD File OKB 

[} Login Data 11/7/2022 1:25 PM File 80 KB 
. ey Login Data-journal 11/7/2022 1:25 PM File OKB 

eA ae = a ee ee Jak een sa a ns a ere 
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Table: __| breached “is ZS o cay B Ee aH 4g [Filter in any column 
url username status alert_state last_checked_time  sanitized_username ale 
[Filter [Fitter |Fitter [Fiiter JFitter |Fitter Tritt 
1 https://www.digital4n6journal.com/ Egon 0 0 13308071204540976 azm 
2 https://archive.org/account/login SE a eeseee 0 0 13308114998112355 
3. https://my.isc2.org/s/login/ Pome el aces) 0 0 13308114998112355 
4 https://wsr.pearsonvue.com/testtaker/signin/... Ste: 0 0 13308114998112355 
5 https://www.aliexpress.com/af/in-myanmar.htm| SEE. 0 0 13308740221832633 
6 http://tplinklogin.net/ _ — 0 0 13308982790723519 
7 http://192.168.1.1/ é _— 0 0 13308982790723519 


Login Data Open With DB Browser 


Top Sites, Thumbnails (SQLite Database) 


C:\Users\XXX\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites 


> ThisPC >» Local Disk (C:) >» Users >» aungz >» AppData » Local » Microsoft >» Edge » UserData » Default 


~ 


co Name Date modified Type Size 
Network Action Predictor-journal lis f/s2U022 1:4u0 PM rile U KG 
| Preferences 11/7/2022 1:41 PM File 629 KB 
“| PreferredApps 9/13/2022 12:16 PM File 1KB 
Persor [] README 9/12/2022 11:21 PM File 1KB 
‘| Secure Preferences 11/7/2022 1:40 PM File 73 KB 
* —] Shortcuts /2022 1:40 PM File 92 KB 
|] Shortcuts-journal 11/7/2022 1:40 PM File OKB 
z |_|] Top Sites 11/7/2022 12:01 AM File 20 KB 
_] Top Sites-journal 11/7/2022 12:01 AM File OKB 
New Database @ Open Database Write Changes @Revert Changes (@oOpen Project (fF 
= 
Database Structure Browse Data Edit Pragmas Execute SQL E 
Table: |_| top_sites ba  & 6 =f Cay B = 3 | » [Filter in any column 
url url_rank title 
1 https://www.office.com/ 19 am 
2 http :// aT | 
3. https://www.mendeley.com/qguides/apa-citation-... 12 
4 https://suaqgiiiinsass 1S a ae ees 
5 https:/ jot 1) ms rae OSES ay 
6 https://_gl ee... 8 New tab F 
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Form Data (Auto Fill) (SQLite Database) 


C:\Users\XXX\AppData\Local\Microsoft\Edge\User Data\Default\Web Data 


4 > ThisPC » Local Disk (C:) » Users >» aungz » AppData » Local » Microsoft » Edge » User Data 


“~ 


“ Name Date modified Type S 
Lj) tusteu voun big epeuee wety ravi ruc 
i Visited Links 11/7/2022 1:40 PM File 
By Vpn Tokens 9/14/2022 1:37 PM File 
Persor Oo Vpn Tokens-journal 9/14/2022 1:37 PM File 
{|| Web Data 11/7/2022 1:40 PM File 
: | |_|] Web Data-journal 11/7/2022 1:40 PM File 


Table: __| autofill_profile_emails v| 8 Bs cay 2B ef =| » [Filter in any ... 
guid email 


b49e5ecc-acb1-4cde-93e2-6d0b207e5627 


8e719a83-2016-47a0-a88a-2bd081944b2c 
42b763d7-a487-4182-b84f-2c41bd044799 
f00176ea-92d3-4f28-8fe6-121fb6cc49c2 : ae 


- Ww N F 


Session (Folder) 


C:\Users\XXX\AppData\Local\Microsoft\Edge\User Data\Default\Session 


« Local Disk (C:) » Users » aungz » AppData » Local » Microsoft » Edge » UserData » Default » Sessions 


“A 


“ Name Date modified Type Size 
i Session_13312276405808168 11/7/2022 1:06 PM File 16 KB 
[|] Session_13312277720249051 11/7/2022 1:40 PM File 91 KB 
aa i Tabs_13312276405893882 11/7/2022 1:06 PM File 358 KB 
|) Tabs_13312277720357182 11/7/2022 1:40 PM File 408 KB 
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Cache (Folder) 


C:\Users\XXX\AppData\Local\Microsoft\Edge\User Data\Default\Cache 


im « Users >» aungz » AppData > Local » Microsoft » Edge » UserData » Default » Cache » Cache Data 


nw 
is Name Date modified Type Size 
“| data_0 1/7/2022 1:40 PM File 296 KB 
[| data {7/2022 1:40 PM File 3,848 KB 
eee [ |] data_2 7/2022 1:40 PM File 5,128 KB 
[|] data_3 11/7/2022 1:40 PM File 61,448 KB 
[|] £.00000a 3/2022 8:21 PM File 212 KB 
] £.00000b 1/3/2022 8:21 PM File 49 KB 
"| €.00000d 11/3/2022 8:22 PM File 630 KB 
[| £.00000e 3/2022 8:22 PM File 654 KB 
| £.00000F 1/3/2022 8:22 PM File 707 KB 


Edge Artifcats On MAC OS 


/Users/{username}/Library/Application Support/Microsoft Edge/ 
Default/History 


/Users/{username}/Library/Application Support/Microsoft Edge/ 
{profile}/History 
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Opera Browser 
: je) ° ie : 
Opera Browser 0) Chromium Browser Be[gdcorz03300205 Analysis 9 


N Cc | C 3] Cc Ne {e) QO C¢ | 
Chrome § SOCODO ODOOII Sle[aqoé 3260 9209 3a6GD)30OD a[geord Pell 


° N 


‘ (e) 
Chromium Browser op) 326 [9000203 [gozea0 Browser GO2MCOI 


° 


Google Chrome, Edge, Brave 030(gddloou51 


Location 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera Stable 


Q > ThisPC » Local Disk(C:) >» Users » aungz » AppData » Roaming » Opera Software » Opera Stable > 


A 


ta Name Date modified Type Size 

a adblocker_data 11/7/2022 10:04 AM File folder 

a AutofillRegex 9/13/2022 12:57 PM File folder 

Person |_| AutofillStrikeDatabase 11/7/2022 10:03 AM File folder 
|_| blob_storage 11/7/2022 10:03 AM File folder 

|| BudgetDatabase 11/7/2022 10:03 AM File folder 

|) CertificateRevocation 11/7/2022 10:03 AM File folder 

ey Code Cache 9/13/2022 12:57 PM File folder 

: |) Crash Reports 9/21/2022 12:40 AM File folder 
a databases 9/13/2022 11:48 PM File folder 

ts B DawnCache 11/6/2022 5:33 PM File folder 
s fl Extension Rules 11/7/2022 12:06 AM File folder 
a Extension Scripts 11/7/2022 12:06 AM File folder 

|_| Extension State 11/7/2022 10:03 AM File folder 

L4 Extensions 11/7/2022 12:06 AM File folder 

11/7/2022 12:07 AM File folder 


LA File System 


History (SQLite Database) 


History 


C:\Users\XXX\AppData\Roaming\Opera 


Software\Opera 


Stable\ 


Download (SQLite Database) 


History 


C:\Users\XXX\AppData\Roaming\Opera 


Software\Opera 


Stable\ 
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Keywords Search (SQLite Database) 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera Stable\ 
History 


Login Data (SQLite Database) 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera Stable\ 
Login Data 


Form Data, Auto Fill (SQLite Database) 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera Stable\ 
Web Data 


Session (Folder) 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera  Stable\ 
Folder 


Extension (Folder) 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera  Stable\ 
Extensions 


Bookmarks (File) 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera 
Stable\Bookmarks 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera 
Stable\Bookmarks.bak 
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Favicons (SQLite Database) 


C:\Users\XXX\AppData\Roaming\Opera Software\Opera Stable\ 
Favicons 


Cache (Folder) 


C:\Users\XXX\AppData\Local\Opera Software\Opera Stable\ Cache\ 
Cache_Data 


Brave Browser 
\ : je) ° \ C 
Brave Browser acd Chromium Browser o> 326 [9000203300205 Opera 


aN Cc | C¢ 
Bowser S80CODUIODUNII 


Location 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default 


Profile Location 


C:\Users\aungz\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Profile 


History (SQLite Database) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\History 


Download (SQLite Database) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\History 
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Keywords Search (SQLite Database) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\History 


Login Data (SQLite Database) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Login Data 


Form Data, Auto Fill (SQLite Database) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Web Data 


Session (Folder) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Sessions 


Extension (Folder) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Extensions 


Bookmarks (File) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Bookmarks 


Favicons (SQLite Database) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Favicons 
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Top Sites (SQLite Database) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Top Sites 


Cache (Folder) 


C:\Users\XXX\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Cache 


7 


a ° oc C¢ C . 
Window @939933{4)8E03 Browser BONGO EPZEPsq, Artifacts 
J L L ° 


{e) is (ey (2) | (2) N : 
conrew3(g 08 [§z03020 (Bu Browser GO?) Artifacts BBQPeOOD 
OL L ie) O b L 


(%APPDATA%\) OSergon003 [gé @9{gdlosu5u Browser 6024, Private 


Browsing 39932{q)@051 History Gosmqcseusi APPDATA g}O50305 
L Oo Ld L L 


fe) 
J 


Cc 


Bevlasi ate Browser Artifacts GO24q Ga0330le05 Volume Shadow Copy 


ie) Cc Cc ° ie) C €¢ 90 OC Cc 
§/Sp9|CC 022 3AQ\COID9800I20II COIM) §[03 COSCO ODOOII 


° 


ea) 39.933{4|03 Browser History Examiner 


Cc Cc C Cc 
OPOMIOIOISs COMICO? . 


° 


(e) . (e) (>) 
6oomad APPDATA 050§)03 Browser 6024 Artifacts Goom 300/03 
(e) J od ° oO lb oO L oO tl 


C OC : Qo. C¢ Cc \ (9 Cc Cc | C¢ ~ 
oomancep Artifacts sac 399096038|G2605[yor[gbo ODUDII S9SITIESS 
L L (oxo) IL ° 

ie) Cc Cc ] Cc : 
Edge Browser Besam0605 [yoo D051 Commercial Computer 


. XY. 06.0 Nc 
Forensics Tools 6O2CD SCKOIOII 


@® Browser History Examiner - Extracting Data > 
Initialising... “ 
Extracting Edge website history (Default profile)... ia 
Extracting Edge website history (Profile 1 profile)... 


Extracting Edge website history (Profile 2 profile)... 

Extracting Edge website history (Profile 3 profile)... 

Extracting Edge download history (Default profile)... 

Extracting Edge download history (Profile 1 profile)... 

Extracting Edge download history (Profile 2 profile)... 

Extracting Edge download history (Profile 3 profile)... 

Extracting Edge Legacy bookmarks... v 


Extraction Data From Edge 


38 
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@& Browser History Examiner - Extracting Data x 


Initialising... 

Extracting Firefox website history (k4eqcux8.default-release profile)... 

Extracting Chrome website history (Default profile)... 

Extracting Chrome website history (Profile 1 profile)... 

Extracting Firefox download history (k4eqcux8.default-release profile)... 

Extracting Chrome download history (Default profile)... 

Extracting Chrome download history (Profile 1 profile)... 

Extracting Firefox bookmarks (k4eqcux8.default-release profile)... 

Extracting Chrome bookmarks (Default profile)... 

Extracting Chrome bookmarks (Profile 1 profile)... v 


Extraction Data From Chrome 


ig ° ON . ~ 50) ¢ 
C37IMI ONION CODD Chrome MEHQ)4)OD Artifacts GOV OOIODOOI 


Commercial Tools [550330205 Searching, Filtering , Date and Time 


Idloo0S 
Gg)2OIIEOD OlOIODOOI 
16) 10) 


Artefact Records | Website Visits | Report Preview 
= Filter by keyword 
Bookmarks 265 » 8% portal.azure.com 379 visits 
Browser Settings 12 » @ google.com 279 visits 
Cached Files 5850 di rer ar 180 visits ea 
Pee 7 : - 157 visits 
0 HE login.live.com 112 visit: 
Cached Web Pages 266 BE log = aad Fine by ane 
' B blogger.com 103 visits 
Cookies 334 
' B accounts.google.com 103 visits —s Select a date [13] 
Downloads 36 i — ~~ 
— » G mail.google.com 86 visits 
aad = » BE learn.microsoft.com 84 visits To: Selecta date [15] 
Favicons 1763 » HE login.microsoftonline.com 80 visits 
Form History 714 re . 55 visits 
Filter by tim 
tage =~ » — 192,168.1.1 47 visits 
Susie ss » BE account.microsoft.com 47 visits Festa Sclecta ime 
» HE microsoft.com 43 visits 
Session Tabs 322 
bat t# ; > 41 visits To: Select a time [¥ 
Site Settin 262 “ . 
» © github.com 29 visits v 
Elmar bs ‘Summary View (Top 1000) | Detailed View | 
Website Visits 2498 Filter by web browser 
se ome = 
O gececon 
wares een 
(atte te — - — — _ ——— ey oat rome 
Website Vist Count» 08/12/2002 to 1107/2002 m 
= 
oo re oy me te 
er r 
a 
oo 
ot Ls 


39 


BROWSER FORENSICS 


2) Cc _O Ne N\ Oo N 
3ESEPEIOIOSGONM saeulereq?da009 Browser 6024) 
J L J J ° L oO | 
‘ i Oo Oo i 1 O N 
Artifacts Location COQMODGIBOLPOIUIODE! 32q| Tools 6024, 
oO iL IL L IL 9° oO b 
3202$052g|GO0DQ0X) Browser Update cpdoxneo2§oxne[aq2€ 
sEPEAITISORA Pacino 2203) 
Cc 4 Co . Oo Cc Oo 1 Cc 
O2H9910I0q ed Information GodM 32a 223200[YoO226024)V!0905I 
J OL ° O 4 
3] i . . e) Cc _O ‘ 
dle[agoé Browser Artifacts Location GO2 WOM DWv0ocw File 
c(e Cc O C¢_.O Cc O Cc \ Oo Sol 
GO|GO|[G? DVICOOCAIGEUSSDOI OO¥GCS029939E$H DD00D200CU 
@) LO Lo L IL ° ° 
Cc ie Co e) 
ODU5II 3996(659[4oor203 Browser 3a gc0209 11-07-2022 3aco Up 
Cis * 50] Cc Cc ° 
To Date [3503 Browser Version 603(g50 OIVDII 63INIMOAD 
7 \ Cc 1 Cc COUN Cc 4 Cc ON 3] 
Firefox MeGqQoD Data GoOd|Q®UlOD0DII O209002|$6§0!0909 383109 
° Oo L 
‘ (e) (2) b 
Downlaod 0309 Information 3e[goosso200li 36$EP ED Firefox 5) 
. e) OoOoc e) : 
File GORA Download @090IIG)8CDD00! Commercial Tools Error 


03{gS8écloo05i sladqé Menual Check [o395q92[gdolosu5u 


Bookmarks 7 Last Fetched Server Time Content Type URL 

11/06/2022 10:20:34 | 11/06/2022 10:20:35 _| application/zip https://r4---sn-npoeens7.gvt1.com/e 

Browser Settings 9 = = — 
G } 11/06/2022 12:41:53 | 11/05/2022 23:20:10 __| text/javascript https://www.google.com/xjs/_/js/k=x 
Cached Files 3938 G text/javascript https://www.google.com/xjs/_/js/k=x 
video/mp4 https://static,javhd.com/prerolls/squi 
Cached Images 1040 video/mp4 https://u3y8v8u4.aucdn.net/library/6! 
Cached Web Pages 381 application/javascript _ | https://use.fontawesome.com/release 
11/06/2022 11:10:14 | 11/06/2022 11:00:43 | video/mp4 https://u3y8v8u4.aucdn.net/library/1 
Cookies 318 text/javascript https://www.gstatic.com/_/mss/boq-! 
11/06/2022 13:52:28 | 11/06/2022 10:47:56 _| text/javascript https://www.gstatic.com/_/mss/boq-: 
Downloads ° application/x-javascript | https://static.tp-link.com/res/js/ada/c 
Email Addresses 7 text/javascript https://pagead2.googlesyndication.c: 


11/06/2022 11:55:54 {11/06/2022 11:55:30 _| text/javascript https://pagead2.googlesyndication.c: 


Favicons 56 © | 11/06/2022 10:47:57 | 11/06/2022 10:45:43 _| application/javascript _| https://openwrt.org/lib/exe/js.php?t= 
© | 11/06/2022 10:47:57 | 11/06/2022 10:45:43 _| application/javascript _ | https://openwrt.org/lib/plugins/datat 


Form Hist 26 
ia asf 11/06/2022 10:58:59 | 11/04/2022 12:22:07 _| application/javascript _| https://script-hotjar.com/modules.fle 
Logins 3 11/06/2022 10:58:53 | 11/06/2022 10:40:58 | application/javascript _| https://www.googletagmanager.com 
11/06/2022 11:09:40 | 11/06/2022 11:00:24 | application/javascript _| https://www.googletagmanager.com 
Searches 55 © | 11/06/2022 10:47:57 | 11/06/2022 10:45:43 _| application/javascript _| https://openwrt.org/lib/plugins/datat 


oe, oe 34 text/javascript https://www.gstatic.com/og/_/js/k=o 

11/06/2022 10:58:51 | 11/01/2022 03:44:56 _| application/x-javascript| https://static.tp-link.com/res/js/ada/é 
Site Settings 0 text/javascript https://www.googletagservices.com/, 
. text/javascript https://www.googletagservices.com/: 
diet : text/javascript https://www.googletagservices.com/, 


Website Visits 232 11/06/2022 11:55:55 | 11/06/2022 11:55:32 _| text/javascript https://pagead2.googlesyndication.c: 
11/06/2022 11:55:01 | 11/06/2022 11:54:48 _| text/javascript https://pagead2.googlesyndication.c: 


No Download Information 
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Downloads (SQLite Database) 
Firefox oo6$ Download [G)95009203 File 6020360999020002020[g6looU51 


. . e) C¢ 
Places.sqlite File come moz_annos Table oSergoloousu Downlaod 


: oc : Cc coc {e) 
Information a[gSéore Browser Version Update [gdaz02020[(g6$E0008 


coc Cc 
Tools Error o3{gdSEdloou5u 


C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\[profilelD].default- 
release\places.sqlite 


Database Structure Browse Data Edit Pragmas Execute SOL 

fable Ss os ee & mn BS “4 » | Filter in any column 
id guid current_path = 

[Filter [Filter [Fitter 

13 16 8fe7515a-b234-48fe-alfd-fe4Scb93b8aa_  C:\Users\aungz\Downloads\)e@! s20ge@01 a 

14 17 f0501117-a254-4529-9b59-19b33743b391 C:\Users\aungz\Downloads\2 71 acOoza00:¢ 

is 18 ac7Sddbc-43e2-4fa2-8027-88fSe0d96708 C:\Users\aungz\Downloads\go1 02a Sgz 

16 19 a49f2181-8f67-4c44-9736-c5cc8126a341 C:\Users\aungz\Downloads\s jy! CcoecozwE 

17 20 8c298abe-0013-48a9-80cc-0f5d443979f3 C:\Users\aungz\Downloads\s0e61 Qjozc2! € 

18 21 1e613ca2-b474-4c18-a245-7dad33de7650 C:\Users\aungz\Downloads\s0o1 336 (qec 

19 22 7e3e23a7-9691-4062-b65b-5c23f9450078 C:\Users\aungz\Downloads\s0a1 saGieoqy 

20 25 48342fd3-cf5c-4f39-9168-fb4910fsaisd C:\Users\aungz\Downloads\1665714152_N 

21 26 7c7010e8-08b2-409c-8ce6-577135d65b3a C:... 

22 27 4c373a6a-6d81-4e50-901b-c8f2b29c3c3a C:\Users\aungz\Downloads\1665565132_L 


Download File From Firefox (Open With DB Browser) 


OpenSource Tools Download Link 


DB Browser 


https://sqlitebrowser.org 


Browser History View 


https://www.nirsoft.net/utils/browsing_history_view.html 


Browser History Examiner 


https://www.foxtonforensics.com/browser-history-examiner/ 
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BROWSER FORENSICS 


Browser History (Capture/Viewer/ SQLite Examiner) (Free Tools) 


| https://www.foxtonforensics.com/ 


Firefox Search Engine Extractor 


https://www.jeffersonscher.com/ffu/searchjson.html 


Every Browser Version Update, See Browser Developer Question and Answer 


Good Luck 


Aung Zaw Myo 
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